lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070919010323.GI17546@outflux.net>
Date: Tue, 18 Sep 2007 18:03:23 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-514-1] X.org vulnerability

=========================================================== 
Ubuntu Security Notice USN-514-1         September 18, 2007
xorg-server vulnerability
CVE-2007-4730
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  xserver-xorg-core               1:1.0.2-0ubuntu10.7

After a standard system upgrade you need to restart your session to affect
the necessary changes.

Details follow:

Aaron Plattner discovered that the Composite extension did not correctly
calculate the size of buffers when copying between different bit depths.
An authenticated user could exploit this to execute arbitrary code with
root privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.0.2-0ubuntu10.7.diff.gz
      Size/MD5:    32472 6a6d37635fc4ea64383125476f12125f
    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.0.2-0ubuntu10.7.dsc
      Size/MD5:     1804 721150a166cc2624006d393b50b7efdd
    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.0.2.orig.tar.gz
      Size/MD5:  7966941 f44f0f07136791ed7a4028bd0dd5eae3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.0.2-0ubuntu10.7_amd64.deb
      Size/MD5:  1414612 b040adf842f4808332b1c2ae9398fd35
    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.0.2-0ubuntu10.7_amd64.deb
      Size/MD5:  4048390 34e71f9f1dc217e59defadaf11005c9d
    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.0.2-0ubuntu10.7_amd64.deb
      Size/MD5:   294578 53bd2b029db77a964f95740f9b156476
    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.0.2-0ubuntu10.7_amd64.deb
      Size/MD5:  1564722 2097c92c355d4353a035c7c70063b937
    http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.0.2-0ubuntu10.7_amd64.deb
      Size/MD5:    49962 3bc71c9ae003ab40f1b79488278994d1
    http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.0.2-0ubuntu10.7_amd64.deb
      Size/MD5:   849026 3347c6029df6a0e39d3f71e4691f4760

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.0.2-0ubuntu10.7_i386.deb
      Size/MD5:  1241798 eecebed99b8d63b9b7caa562a228638f
    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.0.2-0ubuntu10.7_i386.deb
      Size/MD5:  3531696 a5c73e04b5f17546deb0dd688dfe2743
    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.0.2-0ubuntu10.7_i386.deb
      Size/MD5:   294620 aa2bc63cf7effea51e6867a8d866c508
    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.0.2-0ubuntu10.7_i386.deb
      Size/MD5:  1382916 30246f435cc61b20243bea831673a3c3
    http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.0.2-0ubuntu10.7_i386.deb
      Size/MD5:    42502 8d0e1cd2999487dd86a67082ca04e4c1
    http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.0.2-0ubuntu10.7_i386.deb
      Size/MD5:   748778 129c73ea8525ba80211c5ba2dab196ee

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.0.2-0ubuntu10.7_powerpc.deb
      Size/MD5:  1368488 89e2dfd7dd992227131fc34786068797
    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.0.2-0ubuntu10.7_powerpc.deb
      Size/MD5:  4076120 5ed11b5c4784173687107fa13762928f
    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.0.2-0ubuntu10.7_powerpc.deb
      Size/MD5:   294634 071a6282d870a46df34f3fa13466eaa3
    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.0.2-0ubuntu10.7_powerpc.deb
      Size/MD5:  1506792 97b2fc49134d81c1956cb21e15b2292b
    http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.0.2-0ubuntu10.7_powerpc.deb
      Size/MD5:    55218 bd239e1bd4ff9a6700569fcf9f8e5826
    http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.0.2-0ubuntu10.7_powerpc.deb
      Size/MD5:   825392 120bb955450c27103b72174be816ad09

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.0.2-0ubuntu10.7_sparc.deb
      Size/MD5:  1313534 b8d8b442473a36f3df11ba6c11132b86
    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.0.2-0ubuntu10.7_sparc.deb
      Size/MD5:  3789634 d44baec0b8f7b1f2b7de12eecc4f11ef
    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.0.2-0ubuntu10.7_sparc.deb
      Size/MD5:   295044 e64f3fa2265dd31ad60e126e9d5fb33b
    http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.0.2-0ubuntu10.7_sparc.deb
      Size/MD5:  1445910 48715a64bdd21fa226d482a11fb9542d
    http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.0.2-0ubuntu10.7_sparc.deb
      Size/MD5:    43944 64852f714a49d1fce9c070ccc7598623
    http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.0.2-0ubuntu10.7_sparc.deb
      Size/MD5:   758650 2eb14130350612ee86f3a6dbe4b462bc


Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ